Insider Trading: SEC Describes $4.1 Million Hacking Scheme

The U.S. Securities and Exchange Commission has charged seven individuals and two organizations with being part of an international scheme that hacked the SEC's EDGAR document system, stole nonpublic corporate information and used it to illegally earn $4.1 million via insider trading.

In a parallel action, the New Jersey U.S. Attorney's Office on Tuesday unsealed a 16-count criminal indictment charging two Ukrainian individuals with wire fraud, securities fraud and computer fraud, among other charges.

SEC complaint

The SEC's complaint accuses a Ukrainian man of hacking and working with six individual traders in California, Ukraine and Russia, as well as two organizations, to perpetrate the hacking and insider-trading scheme in 2016.

"The SEC's complaint charges each of the defendants with violating the federal securities anti-fraud laws and related SEC anti-fraud rules and seeks a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the anti-fraud laws," the SEC says.

The Ukrainian national named in the complaint, Oleksandr Ieremenko, allegedly hacked into EDGAR, the SEC's electronic filing system for company data that processes more than 1.7 million documents a year. Authorities say he managed to bypass the system's authentication controls.

The criminal indictment brought by the New Jersey U.S. Attorney's Office names Ieremenko, as well as Artem Radchenko, who is also a Ukrainian national, and says they allegedly worked with one or more unnamed co-conspirators.

"The defendants allegedly orchestrated sophisticated computer intrusions to steal nonpublic information from the SEC, compromising the integrity of the market and depriving honest investors of a level playing field," Brian Benczkowski, who serves as the assistant attorney general for the criminal division of the Justice Department, says in a statement. "The Department of Justice will aggressively pursue and prosecute those who attack our financial markets and seek to profit unfairly, no matter where such offenders reside."

Authorities say Ieremenko and some of the traders were previously charged with being part of an international insider trading scheme that used nonpublic information stolen from hacked U.S. newswires.

Hacked: EDGAR

The later EDGAR hacking scheme was first disclosed by the SEC in September 2017. But the hackers allegedly began targeting EDGAR around February 2016, according to the criminal indictment.

Criminal complaint filed in New Jersey federal court

The hackers retrieved nonpublic "test files" uploaded by companies prior to releasing information publicly, and they sold this information to others from about May 2016 until about October 2016, the SEC's complaint alleges.

"In some instances, these test filings included submissions by public companies that contained earnings results and other material information that the companies had not yet released to the public," according to the SEC's complaint. "The hacked material nonpublic information was then transmitted to traders who, in connection with approximately 157 earnings announcements, used it to place profitable securities trades before the information was made public."

Steven Peikin, co-director of the SEC's enforcement division, says in a statement: "The trader defendants charged today are alleged to have taken multiple steps to conceal their fraud, including using an offshore entity and nominee accounts to place trades. Our staff's sophisticated analysis of the defendants' trading exposed the common element behind their success, providing overwhelming evidence that each of them traded based on information hacked from EDGAR."

Insider Trading Accusation

The SEC alleges that the following traders and organizations - including their last known location - received EDGAR information stolen by Ieremenko, which they used to trade:

Sungjin Cho, Los Angeles;

David Kwon, Los Angeles;

Igor Sabodakha, Ukraine;

Victoria Vorochek, Ukraine;

Ivan Olefir, Ukraine;

Andrey Sarafanov, Russia;

Capyield Systems Ltd., owned by Olefir;

Spirit Trade Ltd.

Each of the defendants has been charged in the SEC complaint with violating federal securities anti-fraud laws. The regulator says it's seeking a final court judgment that orders the defendants "to pay penalties, return their ill-gotten gains with prejudgment interest" and which prohibits them "from committing future violations of the anti-fraud laws."

In addition, "The SEC ... named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants' brokerage accounts to place illicit trades," according to its complaint. A relief defendant refers to an individual who's not accused of any wrongdoing, but who received gains tied to alleged criminal activities.

Alleged: $270,000 Made in 24 Hours

Court documents show how the alleged insider trading scheme worked:

Test filing: For example, on May 19, 2016, at 3:32 p.m., "public company 1" uploaded a test filing containing its second quarter results to the EDGAR servers.

Data theft: "Six minutes later, the defendants stole the test filing and uploaded a copy to the Lithuania server," according to the criminal complaint.

Purchase shares: "Between 3:42 p.m. and 3:59 p.m., a conspirator purchased approximately $2.4 million worth of shares of public company 1."

Earnings release: "At 4:02 p.m., public company 1 released its second quarter earnings report and announced that it expected to deliver record earnings in 2016."

Sell shares: "Over the next day, the conspirator sold all the acquired shares in public company 1 for a profit of more than $270,000."

Newswire Hacking Scheme

The SEC's complaint says that before the EDGAR hack, Ieremenko was also responsible for hacking into major U.S. newswires to steal confidential, nonpublic information on businesses as part of an international insider-trading scheme. Some of the same traders were also involved, the SEC says.

Charges in that case were first unsealed by the U.S. attorney for New Jersey in 2015. A criminal indictment charged Ieremenko with being part of an international conspiracy that included hack attacks against three newswire organizations. The indictment charged nine suspects with being part of a conspiracy that stole 150,000 confidential press releases before they were publicly released and then used the information contained in about 800 of those releases for insider trading purposes, resulting in $30 million "in illicit trading profits" (see: Feds Charge 9 with $30M Insider Trading, Hacking Scheme).

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.